Description

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-0371.html

http://rhn.redhat.com/errata/RHSA-2014-0372.html

http://secunia.com/advisories/57716

http://secunia.com/advisories/57719

Related Vulnerabilities

CVE-2018-1000407 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2012-6662 Vulnerability in maven package org.webjars:jquery-ui

CVE-2022-41246 Vulnerability in maven package org.jenkins-ci.plugins:ws-execution-manager

CVE-2020-2268 Vulnerability in maven package org.jenkins-ci.plugins:mongodb

CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory